From: Sylvain Desbureaux Date: Mon, 30 Nov 2020 07:46:48 +0000 (+0000) Subject: Merge "[PLATFORM] Add new fake deployment to fix offline certificates generation... X-Git-Tag: 7.0.0~9 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=cfc5e1f3c393125655a80ac0106db8eec2ede42a;hp=e094524d6bc3f83c562486177649cfea8bc2f93f;p=oom.git Merge "[PLATFORM] Add new fake deployment to fix offline certificates generation" into guilin --- diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 9473a6abcb..5baa804792 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -146,6 +146,11 @@ global: truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index c4723dfdd1..736a19fbd4 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -27,7 +27,12 @@ all: start_docker \ # Starts docker container for generating certificates - deletes first, if already running start_docker: @make stop_docker - docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) + $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) + $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) + $(eval USERNAME :=$(shell id -u)) + $(eval GROUP :=$(shell id -g)) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -89,7 +94,7 @@ client_sign_certificate_by_root: #Import root certificate into client client_import_root_certificate: @echo "Import root certificate into intermediate" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt" @echo "####done####" #Import signed certificate into certService's client @@ -124,7 +129,7 @@ server_sign_certificate_by_root: #Import root certificate into server server_import_root_certificate: @echo "Import root certificate into intermediate(server)" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt" @echo "####done####" #Import signed certificate into certService diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml new file mode 100644 index 0000000000..ba12874eb6 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml @@ -0,0 +1,31 @@ +{{/* + # Copyright © 2020, Nokia + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} + +{{- if .Values.global.offlineDeploymentBuild }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 3ab9895037..bcb2544ce5 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,6 +34,7 @@ global: # Standard OOM pullPolicy: "Always" repository: "nexus3.onap.org:10001" + offlineDeploymentBuild: false # Service configuration @@ -44,6 +45,8 @@ service: port: 8443 port_protocol: http +# Certificates generation configuration +certificateGenerationImage: onap/integration-java11:7.1.0 # Deployment configuration repository: nexus3.onap.org:10001